"The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters," wrote Mozilla's director of security assurance, Michael Coates. "At this time we have no indication that this vulnerability is currently being exploited in the wild."